Title

Authors

Document Type

Publisher

We-B centre, School of Computer and Infomation Science, Edith Cowan University

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

1809

Comments

This article was originally published as: Valli, C. (2003). Honeyd - A OS Fingerprinting Artifice. Proceedings of 1st Australian Computer Network and Information Forensics Conference. Perth, Australia. We-B centre, School of Computer and Infomation Science, Edith Cowan University. Original article available here

Abstract

The research looks at the efficiency of the honeyd honeypot system to reliably deceive intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypots ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd's primary deceptive mechanism is the use of the NMAP fingerprint database to provide bogus OS fingerprints to would be intruders. Tests conducted by the author on honeyd's ability to provide bogus fingerprints sees 78% of 704 signatures invalidated under heavy probing. However, the tests left 152 viable signatures for producing hardened honeypot designs.